Permissions required to run VisualSVN Server

By default, system built-in Network Service account is used to run VisualSVN HTTP Service and all the required permissions are assigned to this account automatically during the installation. But you might want to run VisualSVN HTTP Service under a dedicated user account. This improves VisualSVN HTTP Service isolation from other services that can be run under Network Service built-in account. In this case, you should grant this dedicated account the required permissions manually. This article describes all access permissions required to run VisualSVN Server.

List of permissions required to run VisualSVN Server

The following NTFS permissions should be granted on the computer where VisualSVN Server is installed:

Object Account Permission
C:\Repositories\ ServiceAccount Modify
C:\ ServiceAccount Read & Execute
C:\Program Files\ ServiceAccount Read & Execute
C:\Program Files\VisualSVN Server\ ServiceAccount Read & Execute
C:\Program Files\VisualSVN Server\certs\ ServiceAccount Read & Execute
C:\Program Files\VisualSVN Server\bin\ Network Service Read & Execute
Note
If you have very strict security policy and do not want excessive permissions to be granted to any account, grant nonrecursive permissions for C:\ and C:\Program Files\ folders.

ServiceAccount is the account under which VisualSVN HTTP Service is running (Network Service built-in system account by default).

Note that permissions are listed for the case where VisualSVN Server installation is performed by default, i.e.:

  • VisualSVN Server is installed into C:\Program Files\VisualSVN Server\ folder;
  • Repositories are stored in C:\Repositories\ folder on the same computer.

If you perform installation with the default settings and the default security policy settings applied to your computer, all permissions are assigned automatically. You should configure the required permissions manually in the following cases:

  • Repositories are stored remotely on a network share. In this case, ServiceAccount should have "Modify" NTFS permission and "Read" and "Change" share permissions on the remote storage folder. See KB22 for details on setting VisualSVN Server to store repositories remotely.
  • VisualSVN Server is installed to an alternative location. In this case, permissions for the parent folders of the installation folder should be configured manually.
  • VisualSVN HTTP Service is configured to run under a dedicated user account. See KB24 for details on setting up VisualSVN HTTP Service to run under a dedicated user account.

How to check permissions

To check account permissions on the specific folder:

  1. Start File Explorer and browse to the required folder.
  2. Right-click the folder name and select Properties.
  3. Select the Security tab.
  4. Check whether the account name is in the list of accounts, and all the necessary permissions are set.

How to assign permissions

To assign permissions on the specific folder to account:

  1. Start File Explorer and browse to the required folder.
  2. Right-click the folder name and select Properties.
  3. Select the Security tab.
  4. Click Edit.
  5. Click Add, type the account name and click OK.
  6. Select the required permissions, and click OK to apply and save changes.
Last Modified: